
[Bug] Creating New Terms via CLI

Open eric-forte-elastic opened this issue 9 months ago • 0 comments

Describe the Bug

Summary

Creating a new terms rule via the CLI will currently not prompt the user to supply the new_terms field(s), preventing the user from being able to create the rule.

(See gif for details)

To Reproduce

  1. Run python -m detection_rules create-rule
  2. Choose new-terms
  3. Attempt to complete rule
  4. See error

Expected Behavior

Rule should be created successfully.

Screenshots

Image

Desktop - OS

None

Desktop - Version

No response

Additional Context

At a minimum changing line 188 of detection_rules/cli_utils.py

  result["value"] = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields"))

to

  result["value"] = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields", None))

will resolve the initial issue of the lack of prompt for new_terms fields, but I expect more changes will be needed to fix the issue.

eric-forte-elastic, Mar 26 '25 13:03
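An added illustration of the one-line change quoted in the issue (not code from the detection-rules repository): dict.pop without a default raises KeyError when the key is absent, so a prompt that depends on its result is never reached. The prompt helper, the builder functions and the sample field names are hypothetical stand-ins constructed for this example; only the two pop calls mirror the lines quoted above.

```python
# Added illustration. schema_prompt_stub and build_new_terms_* are hypothetical
# stand-ins, not functions from detection_rules/cli_utils.py.

def schema_prompt_stub(name, value=None, ask=input):
    """Return `value` if one was supplied, otherwise ask the user for it."""
    if value is not None:
        return value
    answer = ask(f"{name} (comma separated): ")
    return [field.strip() for field in answer.split(",") if field.strip()]


def build_new_terms_before(kwargs, ask=input):
    result = {}
    # pop() without a default raises KeyError when the key is absent,
    # so the prompt helper is never called.
    result["value"] = schema_prompt_stub(
        "new_terms_fields", value=kwargs.pop("new_terms_fields"), ask=ask)
    return result


def build_new_terms_after(kwargs, ask=input):
    result = {}
    # pop() with a None default lets the helper fall through to the prompt.
    result["value"] = schema_prompt_stub(
        "new_terms_fields", value=kwargs.pop("new_terms_fields", None), ask=ask)
    return result


def demo():
    asked = []

    def fake_ask(prompt):  # constructed user input, replaces input()
        asked.append(prompt)
        return "host.name, user.name"

    outcomes = {}
    try:
        build_new_terms_before({}, ask=fake_ask)
        outcomes["before"] = "ok"
    except KeyError as exc:
        outcomes["before"] = f"KeyError: {exc}"
    outcomes["prompts_before_fix"] = len(asked)
    outcomes["after"] = build_new_terms_after({}, ask=fake_ask)["value"]
    outcomes["prompts_after_fix"] = len(asked)
    supplied = {"new_terms_fields": ["host.name"]}  # value passed in, no prompt
    outcomes["supplied"] = build_new_terms_after(supplied, ask=fake_ask)["value"]
    outcomes["prompts_total"] = len(asked)
    return outcomes


if __name__ == "__main__":
    print(demo())
```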